Personal-size remote control transmitters are widely used to provide a convenient method of locking or unlocking vehicles, and/or to remotely arm or disarm vehicle theft deterrent systems. They are also used to control home/business security systems and garage door openers. If these transmissions can be spoofed or played back, then these systems can be controlled by unauthorized parties to gain unwanted access to the protected environment. Most, if not all, of these systems provide very little protection against spoofing and no protection at all against the playback of legitimate messages that have been recorded and/or modified. The term "spoofing" as used herein refers to the creation of a false message that is accepted by the system as a valid message.
Message authentication using cryptographic techniques is a good method for preventing spoofing and playback attacks. The U.S. Pat. No. 5,506,905 to Markowski et al entitled "AUTHENTICATION METHOD FOR KEYLESS ENTRY SYSTEM", which is incorporated herein by reference, is an example of an improved system of that type which produces very secure authenticated messages requiring a short transmission time to economize battery life in a personal transmitter. Such a keyless entry system for a motor vehicle, as shown in FIG. 1, includes a number of portable remote controls or fobs 10 small enough to carry in one's pocket or on a key chain. Each fob 10 has buttons 12 for manual selection of desired functions to be performed in the vehicle, a microprocessor 14 responsive to button actuation for formulating a command message, including an authenticator code and a function code identifying the desired function to be performed, and a radio transmitter 16 for transmitting the message. The fob 10 functions are supported by a miniature battery 17 which should have a life of several years. In the vehicle a receiver 18 receives the transmitted message, if the vehicle is within the transmitter range, and a microprocessor 20 acts upon data in the received message to determine whether the authenticator code is valid, and if so, to perform the desired function.
Each microprocessor 14 and 20 is programmed to execute a cryptographic algorithm which operates on certain stored and/or transmitted data, as well as on a selected function code to generate an authentication code which is different for every transmission, thus preventing successful replay of a previously transmitted message. The authentication code is sufficiently short to be transmitted economically but the generation procedure has a complexity that renders it impractical for an adversary to predict the next valid code based on knowledge of previously transmitted messages. The procedure for message validation is first to compare the transmitter ID with IDs stored in the receiver memory, and if an ID match is found, then for the algorithm in the microprocessor to operate on a combination of shared secret data and transmitted data to produce authentication codes, and to determine that the command is valid if the codes are the same.
Two mechanisms are jointly used to assure that the authentication code changes in an unpredictable manner. First, the algorithm operates on a seed code which is changed according to a set of rules for each transmission. A sequence number is also incremented with each transmission and is included in the message so that the receiver algorithm will know how many seed code changes to execute in order to resynchronize with the transmitter since the receiver does not necessarily receive each transmission. Second, the authenticator code is generated as a function of the seed code and the cryptographic key as well as the desired function code. Since for each transmission the function code depends on which button the operator selects, another level of complexity is added to the authenticator code generation to confound attempts to determine a predictable progression of codes, all as described in the U.S. Pat. No. 5,506,905. As shown in FIG. 2, the actuation of any button 12 sends a signal to a respective hardware register 24 in the microprocessor 14 so that the microprocessor can determine which button or buttons are pressed. Pressing a certain sequence of buttons or a certain combination of buttons may be used for a special message whereas pressing a single button calls for a normal function such as door lock, unlock or trunk open.
In manufacture, the microprocessors of both the transmitter and the receiver are equipped with the same cryptographic engine to thereby calculate the same authenticator, given common input information. Each transmitter is permanently programmed with a cryptographic key, an initial seed, and an ID number. When a receiver is first matched with one or more transmitters, it must learn those three codes. This is accomplished by enabling the program switch 22 on the receiver and actuating the transmitter to send a program message containing these codes. The transmitter is typically actuated in this case by pressing two buttons simultaneously. The program message is shown in FIG. 3. It includes a preamble which indicates the start of a message, the transmitter ID, the initial seed, the cryptographic key and a CRC. The CRC (cyclic redundancy code) is calculated from all the other field data.
During use, a normal command is generated by pressing one transmitter button and a message is transmitted in the form shown in FIG. 4 including a preamble, a function code, the transmitter ID, a sequence number, an authenticator, and a CRC. If the transmitter normal message is sent a few times when the receiver is out of range, the receiver loses synchronization with the transmitter but can catch up by using the sequence number to resynchronize. If the receiver lags in sequence by a given amount such as 264 sequence numbers, it cannot automatically resynchronize. Then it is necessary to transmit a Resynch command which is like the normal command of FIG. 4 except that a randomly selected sequence number is used. When the Resynch command is given, the initial seed is used along with the new sequence number to determine the authenticator in both the transmitter and the receiver.
During manufacture of the system, the transmitters must be signed up to the receiver and then verified to ensure correct functioning of the system later when the system is attached to a vehicle. This has been accomplished by inserting the transmitters into a station where solenoids would manipulate the buttons in a particular way to induce a fast sign-up mode. This would send a program message after one second, but for only the first transmission of the program message. Thereafter the transmitter would require a 10 second delay for sending any subsequent messages. The longer delay is desirable to reduce the potential of inadvertently sending a program message once the transmitter was in the possession of the end user. The reduced time for initial sign up (along with the solenoid activity) is still too long for efficient manufacturing, and it is available only once. It is desirable to further reduce the sign up time and to increase its availability.